当前位置：首页 > news >正文

查看一个网站的备案东莞石龙网站建设

news 2026/5/8 12:15:43

查看一个网站的备案,东莞石龙网站建设,帮他人做视频网站违法吗,织梦网络设计工作室网站模板OpenStack Yoga部署安装OpenStack 一、基础准备基于OpenStack经典的三节点环境进行部署#xff0c;三个节点分别是控制节点#xff08;controller#xff09;、计算节点#xff08;compute#xff09;、存储节点#xff08;storage#xff09;#xff0c;其中存储…OpenStack Yoga部署安装OpenStack 一、基础准备基于OpenStack经典的三节点环境进行部署三个节点分别是控制节点controller、计算节点compute、存储节点storage其中存储节点一般只部署存储服务在资源有限的情况下可以不单独部署该节点把存储节点上的服务部署到计算机节点即可。首先准备三个openEuler22.09环境节点规划如下虚拟机版本主机名 IP地址 openEuler22.09 Controller 192.168.110.150 openEuler22.09 Compute 192.168.110.151 openEuler22.09 Storage 192.168.110.152 1.1yum源配置打开/etc/yum.repos.d/openEuler.repo文件检查[EPOL]源是否存在若不存在则添加如下内容 [rootcontroller ~]# vi /etc/yum.repos.d/openEuler.repo [EPOL] nameEPOL baseurlhttps://archives.openeuler.openatom.cn/openEuler-22.09/EPOL/main/$basearch/ enabled1 gpgcheck1 gpgkeyhttps://archives.openeuler.openatom.cn/openEuler-22.09/OS/$basearch/RPM-GPG-KEY-openEuler 更新yum源 [rootcontroller ~]# yum update 若在更新yum源时出现如下图所示问题则需要更新仓库URL 将 /etc/yum.repos.d/openEuler.repo文件下的URL地址替换成 https://archives.openeuler.openatom.cn/openEuler-22.09/ 更换完成之后保存退出。 1.2修改主机映射修改每个节点的/etc/hosts文件新增如下内容 192.168.110.150 controller 192.168.110.151 compute 192.168.110.152 storage 1.3设置时间同步 1controller节点安装服务 [rootcontroller ~]# dnf install chrony 修改/etc/chrony.conf配置文件新增如下内容 allow 192.168.110.0/24 #表示允许哪些IP从本节点同步时钟重启服务 [rootcontroller ~]# systemctl restart chronyd 2其他节点安装服务 [rootcompute ~]# dnf install chrony [rootstorage ~]# dnf install chrony 修改/etc/chrony.conf配置文件新增一行同时把 pool pool.ntp.org iburst 这一行注释掉表示不从公网同步时钟。 server 192.168.110.150 iburst 表示从这个机器获取时间。重启服务 [rootcompute ~]# systemctl restart chronyd [rootstorage ~]# systemctl restart chronyd 配置完成后在其他非controller节点执行chronyc sources返回结果类似如下内容表示成功的从controller同步时钟 1.4安装数据库数据库安装在控制节点这里推荐使用MariaDB。 1安装软件包 [rootcontroller ~]# dnf install mysql-config mariadb mariadb-server python3-PyMySQL 2新增配置文件/etc/my.cnf.d/openstack.cnf内容如下 [mysqld] bind-address 192.168.110.150 #本机ip地址 default-storage-engine innodb innodb_file_per_table on max_connections 4096 collation-server utf8_general_ci character-set-server utf8 3启动服务器 [rootcontroller ~]# systemctl start mariadb 4初始化数据库 [rootcontroller ~]# mysql_secure_installation NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, well need the current password for the root user. If youve just installed MariaDB, and havent set the root password yet, you should just press enter here. Enter current password for root (enter for none): #这里输入密码由于我们初始化DB所以直接回车即可 OK, successfully used password, moving on... Setting the root password or using the unix_socket ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have your root account protected, so you can safely answer n. Switch to unix_socket authentication [Y/n] y Enabled successfully! Reloading privilege tables.. ... Success! You already have your root account protected, so you can safely answer n. Change the root password? [Y/n] y #输入y修改密码 New password: #密码一定要记住 Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] y #输入y删除匿名用户 ... Success! Normally, root should only be allowed to connect from localhost. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] n #输入y关闭root远程登录权限 ... skipping. By default, MariaDB comes with a database named test that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] y #输入y删除test数据库 - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] y #输入y重新加载 ... Success! Cleaning up... All done! If youve completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB! 5验证是否可以登录mariadb [rootcontroller ~]# mysql -uroot -p Enter password: Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 12 Server version: 10.5.16-MariaDB MariaDB Server Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type help; or \h for help. Type \c to clear the current input statement. MariaDB [(none)] 1.5安装消息列队消息列队安装在控制节点这里推荐使用rabbitmq。 1安装软件包 [rootcontroller ~]# dnf install rabbitmq-server 2启动服务 [rootcontroller ~]# systemctl start rabbitmq-server 3配置OpenStack用户RABBIT_PASS是OpenStack服务登录消息队里的密码需要和后面各个服务的配置保持一致 [rootcontroller ~]# rabbitmqctl add_user openstack RABBIT_PASS Adding user openstack ... Done. Dont forget to grant the user permissions to some virtual hosts! See rabbitmqctl help set_permissions to learn more. [rootcontroller ~]# rabbitmqctl set_permissions openstack .* .* .* Setting permissions for user openstack in vhost / ... 1.6安装缓存服务缓存列队安装在控制节点这里推荐使用Memcached。 1安装软件包 [rootcontroller ~]# dnf install memcached python3-memcached 2修改配置文件/etc/sysconfig/memcached PORT11211 USERmemcached MAXCONN1024 CACHESIZE64 OPTIONS-l 127.0.0.1,::1,controller 3启动服务 [rootcontroller ~]# systemctl start memcached 二、部署服务 2.1Keystone Keystone是OpenStack提供的鉴权服务是整个OpenStack的入口提供了租户隔离、用户认证、服务发现等功能必须安装。 1创建keystone数据库并授权 MariaDB [(none)] CREATE DATABASE keystone; Query OK, 1 row affected (0.001 sec) MariaDB [(none)] GRANT ALL PRIVILEGES ON keystone.* TO keystonelocalhost \ - IDENTIFIED BY KEYSTONE_DBPASS; Query OK, 0 rows affected (0.001 sec) MariaDB [(none)] GRANT ALL PRIVILEGES ON keystone.* TO keystone% \ - IDENTIFIED BY KEYSTONE_DBPASS; Query OK, 0 rows affected (0.001 sec) #替换KEYSTONE_DBPASS为keystone数据库设置的密码 2安装软件包 [rootcontroller ~]# dnf install openstack-keystone httpd mod_wsgi 3配置keystone相关配置 [database] connection mysqlpymysql://keystone:KEYSTONE_DBPASScontroller/keystone [token] provider fernet #[database]部分配置数据库入口 #[token]部分配置token provider 4同步数据库 [rootcontroller ~]# su -s /bin/sh -c keystone-manage db_sync keystone 5初始化Fernet密钥仓库 [rootcontroller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone [rootcontroller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone 6启动服务 [rootcontroller ~]# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \ --bootstrap-admin-url http://controller:5000/v3/ \ --bootstrap-internal-url http://controller:5000/v3/ \ --bootstrap-public-url http://controller:5000/v3/ \ --bootstrap-region-id RegionOne #ADMIN_PASS为admin用户设置的密码 7配置Apache HTTP Server 打开httpd.conf并配置/etc/httpd/conf/httpd.conf #修改以下项如果没有则新添加 ServerName controller 创建软链接 [rootcontroller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ 8启动Apache HTTP服务 [rootcontroller ~]# systemctl enable httpd Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service. [rootcontroller ~]# systemctl start httpd 9创建环境变量配置 [rootcontroller ~]# cat EOF ~/.admin-openrc export OS_PROJECT_DOMAIN_NAMEDefault export OS_USER_DOMAIN_NAMEDefault export OS_PROJECT_NAMEadmin export OS_USERNAMEadmin export OS_PASSWORDADMIN_PASS export OS_AUTH_URLhttp://controller:5000/v3 export OS_IDENTITY_API_VERSION3 export OS_IMAGE_API_VERSION2 EOF #替换ADMIN_PASS为admin用户的密码 10依次创建domainprojectsusersroles 安装python3-openstackclient [rootcontroller ~]# dnf install python3-openstackclient 导入环境变量 [rootcontroller ~]# source ~/.admin-openrc 创建protect service其中domain default在keystone-manage bootstrap时已创建 [rootcontroller ~]# openstack domain create --description An Example Domain example [rootcontroller ~]# openstack project create --domain default --description Service Project service 创建non-adminproject myprojectuser myuser和role myrole为myproject和myuser添加角色myrole [rootcontroller ~]# openstack project create --domain default --description Demo Project myproject [rootcontroller ~]# openstack user create --domain default --password-prompt myuser [rootcontroller ~]# openstack role create myrole [rootcontroller ~]# openstack role add --project myproject --user myuser myrole 验证取消临时环境变量OS_AUTH_URL和OS_PASSWORD [rootcontroller ~]# source ~/.admin-openrc [rootcontroller ~]# unset OS_AUTH_URL OS_PASSWORD 为admin用户请求token [rootcontroller ~]# openstack --os-auth-url http://controller:5000/v3 \ --os-project-domain-name Default --os-user-domain-name Default \ --os-project-name admin --os-username admin token issue 为myuser用户请求token [rootcontroller ~]# openstack --os-auth-url http://controller:5000/v3 \ --os-project-domain-name Default --os-user-domain-name Default \ --os-project-name myproject --os-username myuser token issue 2.2Glance Glance是OpenStack提供的镜像服务负责虚拟机、裸机镜像的上传与下载必须安装 Controller节点 1创建glance数据库并授权 MariaDB [(none)] CREATE DATABASE glance; Query OK, 1 row affected (0.001 sec) MariaDB [(none)] GRANT ALL PRIVILEGES ON glance.* TO glancelocalhost \ - IDENTIFIED BY GLANCE_PASS; Query OK, 0 rows affected (0.001 sec) MariaDB [(none)] GRANT ALL PRIVILEGES ON glance.* TO glance% \ - IDENTIFIED BY GLANCE_DBPASS; Query OK, 0 rows affected (0.001 sec) #替换GLANCE_PASS为glance数据库设置密码 2初始化glance资源对象导入环境变量 [rootcontroller ~]# source ~/.admin-openrc 创建用户时命令行会提示输入密码请输入自定义的密码下文涉及到GLANCE_PASS的地方替换成该密码即可。 [rootcontroller ~]# openstack user create --domain default --password-prompt glance User Password: Repeat User Password: 3添加glance用户到service project并指定admin角色 [rootcontroller ~]# openstack role add --project service --user glance admin 4创建glance服务实体 [rootcontroller ~]# openstack service create --name glance --description OpenStack Image image 5创建glance API服务 [rootcontroller ~]# openstack endpoint create --region RegionOne image public http://controller:9292 [rootcontroller ~]# openstack endpoint create --region RegionOne image internal http://controller:9292 [rootcontroller ~]# openstack endpoint create --region RegionOne image admin http://controller:9292 6安装软件包 [rootcontroller ~]# dnf install openstack-glance 7修改glance配置文件 [database] connection mysqlpymysql://glance:GLANCE_DBPASScontroller/glance [keystone_authtoken] www_authenticate_uri http://controller:5000 auth_url http://controller:5000 memcached_servers controller:11211 auth_type password project_domain_name Default user_domain_name Default project_name service username glance password GLANCE_PASS [paste_deploy] flavor keystone [glance_store] stores file,http default_store file filesystem_store_datadir /var/lib/glance/images/ #[database]部分配置数据库入口 #[keystone_authtoken] [paste_deploy]部分配置身份认证服务入口 #[glance_store]部分配置本地文件系统存储和镜像文件的位置 8同步数据库 [rootcontroller ~]# su -s /bin/sh -c glance-manage db_sync glance 9启动服务 [rootcontroller ~]# systemctl enable openstack-glance-api.service Created symlink /etc/systemd/system/multi-user.target.wants/openstack-glance-api.service → /usr/lib/systemd/system/openstack-glance-api.service. [rootcontroller ~]# systemctl start openstack-glance-api.service 10验证导入环境变量 [rootcontroller ~]# source ~/.admin-openrc 下载镜像 X86镜像下载 [rootcontroller ~]# wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img Arm镜像下载 [rootcontroller ~]# wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-aarch64-disk.img 向Image服务上传镜像 [rootcontroller ~]# openstack image create --disk-format qcow2 --container-format bare \ --file cirros-0.4.0-x86_64-disk.img --public cirros 确认镜像上传并验证属性 [rootcontroller ~]# openstack image list 2.3Placement Placement是OpenStack提供的资源调度组件一般不面向用户由Nova等组件调用安装在控制节点。安装、配置placement服务前需要先创建相应的数据库、服务凭证和API endpoints。 1创建数据库使用root用户访问数据库服务 [rootcontroller ~]# mysql -uroot -p 创建placement数据库并授权 MariaDB [(none)] CREATE DATABASE placement; Query OK, 1 row affected (0.001 sec) MariaDB [(none)] GRANT ALL PRIVILEGES ON placement.* TO placementlocalhost \ - IDENTIFIED BY PLACEMENT_PASS; Query OK, 0 rows affected (0.002 sec) MariaDB [(none)] GRANT ALL PRIVILEGES ON placement.* TO placement% \ - IDENTIFIED BY PLACEMENT_DBPASS; Query OK, 0 rows affected (0.001 sec) #替换PLACEMENT_DBPASS为placement数据库访问密码 2配置用户和Endpoints Source admin凭证以获取admin命令行权限 [rootcontroller ~]# source ~/.admin-openrc 创建placement用户并设置用户密码 [rootcontroller ~]# openstack user create --domain default --password-prompt placement User Password: Repeat User Password: 添加placement用户到service project并指定admin角色 [rootcontroller ~]# openstack role add --project service --user placement admin 创建placement服务实体 [rootcontroller ~]# openstack service create --name placement \ --description Placement API placement 创建placement API服务endpoints [rootcontroller ~]# openstack endpoint create --region RegionOne \ placement public http://controller:8778 [rootcontroller ~]# openstack endpoint create --region RegionOne \ placement internal http://controller:8778 [rootcontroller ~]# openstack endpoint create --region RegionOne \ placement admin http://controller:8778 3安装及配置组件安装软件包 [rootcontroller ~]# dnf install openstack-placement-api 编辑/etc/placement/placement.conf配置文件完成如下操作在[placement_database]部分配置数据库入口 [placement_database] connection mysqlpymysql://placement:PLACEMENT_DBPASScontroller/placement 在[api]和[keystone_authtoken]部分配置身份认证服务入口 [api] auth_strategy keystone [keystone_authtoken] auth_url http://controller:5000/v3 memcached_servers controller:11211 auth_type password project_domain_name Default user_domain_name Default project_name service username placement password PLACEMENT_PASS 数据库同步填充placement数据库 [rootcontroller ~]# su -s /bin/sh -c placement-manage db sync placement 4重启服务 [rootcontroller ~]# systemctl restart httpd 5验证 Source admin凭证以获取admin命令行权限 [rootcontroller ~]# source ~/.admin-openrc 执行状态检查 [rootcontroller ~]# placement-status upgrade check 这里可以看到Policy File JSON to YAML Migration 的结果为Failure。这是因为在placement中JSON格式的Policy文件从Wallaby版本开始已处于deprecated状态。可以参考提示使用oslopolicy-convert-json-to-yaml工具将现有的JSON格式Policy文件转化为YAML格式。 [rootcontroller ~]# oslopolicy-convert-json-to-yaml --namespace placement \ --policy-file /etc/placement/policy.json \ --output-file /etc/placement/policy.yaml [rootcontroller ~]# mv /etc/placement/policy.json{,.bak} 注当前环境中此问题可忽略不影响运行针对placement API运行命令安装osc-placement插件 [rootcontroller ~]# dnf install python3-osc-placement 列出可用的资源类别及特性 [rootcontroller ~]# openstack --os-placement-api-version 1.2 resource class list --sort-column name [rootcontroller ~]# openstack --os-placement-api-version 1.6 trait list --sort-column name 2.4Nova Nova是OpenStack的计算服务负责虚拟机的创建、发送等功能。 Controller节点在控制节点执行以下操作 1创建数据库使用root用户访问数据库服务 [rootcontroller ~]# mysql -u root -p 创建nova_api、nova和nova_cell0数据库 MariaDB [(none)] CREATE DATABASE nova_api; Query OK, 1 row affected (0.001 sec) MariaDB [(none)] CREATE DATABASE nova; Query OK, 1 row affected (0.000 sec) MariaDB [(none)] CREATE DATABASE nova_cell0; Query OK, 1 row affected (0.001 sec) 授权数据库访问 MariaDB [(none)] GRANT ALL PRIVILEGES ON nova_api.* TO novalocalhost \ - IDENTIFIED BY NOVA_DBPASS; Query OK, 0 rows affected (0.003 sec) MariaDB [(none)] GRANT ALL PRIVILEGES ON nova_api.* TO nova% \ - IDENTIFIED BY NOVA_DBPASS; Query OK, 0 rows affected (0.001 sec) MariaDB [(none)] GRANT ALL PRIVILEGES ON nova.* TO novalocalhost \ - IDENTIFIED BY NOVA_DBPASS; Query OK, 0 rows affected (0.001 sec) MariaDB [(none)] GRANT ALL PRIVILEGES ON nova.* TO nova% \ - IDENTIFIED BY NOVA_DBPASS; Query OK, 0 rows affected (0.001 sec) MariaDB [(none)] GRANT ALL PRIVILEGES ON nova_cell0.* TO novalocalhost \ - IDENTIFIED BY NOVA_DBPASS; Query OK, 0 rows affected (0.001 sec) MariaDB [(none)] GRANT ALL PRIVILEGES ON nova_cell0.* TO nova% \ - IDENTIFIED BY NOVA_DBPASS; Query OK, 0 rows affected (0.001 sec) 2配置用户和endpoints Source admin凭证以获取admin命令行权限 [rootcontroller ~]# source ~/.admin-openrc 创建nova用户并设置用户密码 [rootcontroller ~]# openstack user create --domain default --password-prompt nova User Password: Repeat User Password: 添加nova用户到service project并指定admin角色 [rootcontroller ~]# openstack role add --project service --user nova admin 创建nova服务实体 [rootcontroller ~]# openstack service create --name nova \ --description OpenStack Compute compute 创建Nova API服务endpoints [rootcontroller ~]# openstack endpoint create --region RegionOne \ compute public http://controller:8774/v2.1 [rootcontroller ~]# openstack endpoint create --region RegionOne \ compute internal http://controller:8774/v2.1 [rootcontroller ~]# openstack endpoint create --region RegionOne \ compute admin http://controller:8774/v2.1 3安装及配置组件安装软件包 [rootcontroller ~]# dnf install openstack-nova-api openstack-nova-conductor \ openstack-nova-novncproxy openstack-nova-scheduler 编辑/etc/nova/nova.conf配置文件完成如下操作在[default]部分启用计算和元数据的API配置RebbitMQ消息队列入口使用controller节点管理ip配置my_ip显示定义log_dir [DEFAULT] enabled_apis osapi_compute,metadata transport_url rabbit://openstack:RABBIT_PASScontroller:5672/ my_ip 192.168.110.150 log_dir /var/log/nova 在[api_database]和[database]部分配置数据库入口 [api_database] connection mysqlpymysql://nova:RABBIT_DBPASScontroller/nova_api [database] connection mysqlpymysql://nova:RABBIT_DBPASScontroller/nova 在[api]和[keystone_authtoken]部分配置身份认证服务入口 [api] auth_strategy keystone [keystone_authtoken] auth_url http://controller:5000/v3 memcached_servers controller:11211 auth_type password project_domain_name Default user_domain_name Default project_name service username nova password NOVA_PASS 在[vnc]部分启用并配置远程控制台入口 [vnc] enabled true server_listen $my_ip server_proxyclient_address $my_ip 在[glance]部分配置镜像服务API的地址 [glance] api_servers http://controller:9292 在[oslo_concurrency]部分配置lock path [oslo_concurrency] lock_path /var/lib/nova/tmp 在[placement]部分配置placement服务的入口 [placement] region_name RegionOne project_domain_name Default project_name service auth_type password user_domain_name Default auth_url http://controller:5000/v3 username placement password PLACEMENT_PASS 数据库同步同步nova_api数据库 [rootcontroller ~]# su -s /bin/sh -c nova-manage api_db sync nova 注册cell0数据库; [rootcontroller ~]# su -s /bin/sh -c nova-manage cell_v2 map_cell0 nova 创建cell1 cell [rootcontroller ~]# su -s /bin/sh -c nova-manage cell_v2 create_cell --namecell1 --verbose nova 同步nova数据库 [rootcontroller ~]# su -s /bin/sh -c nova-manage db sync nova 验证cell0和cell1注册正确 [rootcontroller ~]# su -s /bin/sh -c nova-manage cell_v2 list_cells nova 4启动服务 [rootcontroller ~]# systemctl enable \ openstack-nova-api.service \ openstack-nova-scheduler.service \ openstack-nova-conductor.service \ openstack-nova-novncproxy.service [rootcontroller ~]# systemctl start \ openstack-nova-api.service \ openstack-nova-scheduler.service \ openstack-nova-conductor.service \ openstack-nova-novncproxy.service Compute节点在计算节点执行以下操作 1安装软件包 [rootcompute ~]# dnf install openstack-nova-compute 2编辑/etc/nova/nova.conf配置文件在[default]部分启用计算和元数据的API配置RabbitMQ消息队列入口使用Compute节点管理ip配置my_ip显式定义compute_driver、instances_path、log_dir: [DEFAULT] enabled_apis osapi_compute,metadata transport_url rabbit://openstack:RABBIT_PASScontroller:5672/ my_ip 192.168.110.151 compute_driver libvirt.LibvirtDriver instances_path /var/lib/nova/instances log_dir /var/log/nova 在[api]和[keystone_authtoken]部分配置身份认证服务入口 [api] auth_strategy keystone [keystone_authtoken] auth_url http://controller:5000/v3 memcached_servers controller:11211 auth_type password project_domain_name Default user_domain_name Default project_name service username nova password NOVA_PASS 在[vnc]部分启用并配置远程控制台入口 [vnc] enabled true server_listen $my_ip server_proxyclient_address $my_ip novncproxy_base_url http://controller:6080/vnc_auto.html 在[glance]部分配置镜像服务API的地址; [glance] api_servers http://controller:9292 在[oslo_concurrency]部分配置lock path [oslo_concurrency] lock_path /var/lib/nova/tmp [plancement]部分配置placement服务的入口 [placement] region_name RegionOne project_domain_name Default project_name service auth_type password user_domain_name Default auth_url http://controller:5000/v3 username placement password PLACEMENT_PASS 确认计算节点是否支持虚拟机硬件加速X86_64 处理器为X86_64架构时可通过运行如下命令确认是否支持硬件加速 [rootcompute ~]# egrep -c (vmx|svm) /proc/cpuinfo 0 如果返回值为0则不支持硬件加速需要配置libvirt使用QEMU而不是默认的KVM。编辑/etc/nova/nova.conf的[libvirt]部分 [libvirt] virt_type qemu 如果返回值为1或更大的值则支持硬件加速不需要进行额外的配置 4确认计算节点是否支持虚拟机硬件加速arm64 处理器为arm64架构时可通过运行如下命令确认是否支持硬件加速 [rootcompute ~]# virt-host-validate 显示FAIL时表示不支持硬件加速需要配置libvirt使用QEMU而不是默认的KVM 编辑/etc/nova/nova.conf的[libvirt]部分 [libvirt] virt_type qemu 显示PASS时表示支持硬件加速不需要进行额外的配置 5配置qemu仅arm64 仅当处理器为arm64架构时需要执行此操作编辑/etc/libvirt/qemu.conf nvram [/usr/share/AAVMF/AAVMF_CODE.fd: \ /usr/share/AAVMF/AAVMF_VARS.fd, \ /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \ /usr/share/edk2/aarch64/vars-template-pflash.raw] 编辑/etc/qemu/firmware/edk2-aarch64.json { description: UEFI firmware for ARM64 virtual machines, interface-types: [ uefi ], mapping: { device: flash, executable: { filename: /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw, format: raw }, nvram-template: { filename: /usr/share/edk2/aarch64/vars-template-pflash.raw, format: raw } }, targets: [ { architecture: aarch64, machines: [ virt-* ] } ], features: [ ], tags: [ ] } 6启动服务 [rootcompute ~]# systemctl enable libvirtd.service openstack-nova-compute.service Created symlink /etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service → /usr/lib/systemd/system/openstack-nova-compute.service. [rootcompute ~]# systemctl start libvirtd.service openstack-nova-compute.service Controller节点在控制节点执行以下操作 1添加计算节点到OpenStack集群 Source admin凭证以获取admin命令行权限 [rootcontroller ~]# source ~/.admin-openrc 确认nova-compute服务已识别到数据库中 [rootcontroller ~]# openstack compute service list --service nova-compute 发现计算节点将计算节点添加到cell数据库 [rootcontroller ~]# su -s /bin/sh -c nova-manage cell_v2 discover_hosts --verbose nova 验证列出服务组件验证每个流程都成功起动和注册 [rootcontroller ~]# openstack compute service list 列出身份服务中的API端点验证与身份服务的连接; [rootcontroller ~]# openstack catalog list 列出镜像服务中的镜像验证与镜像服务的连接 [rootcontroller ~]# openstack image list 检查cells是否运作成功以及其他必要条件是否已具备 [rootcontroller ~]# nova-status upgrade check 2.5 Neutron Neutron 是 OpenStack 中的网络服务组件负责为 OpenStack 环境提供网络连接和 IP 地址管理。它允许用户创建和管理虚拟网络、子网、路由器、安全组等网络资源从而为虚拟机VM提供网络功能。 Controller节点 1创建keystone数据库并赋权 MariaDB [(none)] CREATE DATABASE neutron; Query OK, 1 row affected (0.008 sec) MariaDB [(none)] GRANT ALL PRIVILEGES ON neutron.* TO neutronlocalhost IDENTIFIED BY NEUTRON_DBPASS; Query OK, 0 rows affected (0.012 sec) MariaDB [(none)] GRANT ALL PRIVILEGES ON neutron.* TO neutron% IDENTIFIED BY NEUTRON_DBPASS; Query OK, 0 rows affected (0.001 sec) 2设置环境变量 [rootcontroller ~]# source ~/.admin-openrc 3创建用户和服务并记住创建neutron用户时输入的密码用于配置NEUTRON_PASS [rootcontroller ~]# openstack user create --domain default --password-prompt neutron User Password: Repeat User Password: [rootcontroller ~]# openstack role add --project service --user neutron admin [rootcontroller ~]# openstack service create --name neutron --description OpenStack Networking network 4部署Neutron API服务 [rootcontroller ~]# openstack endpoint create --region RegionOne network public http://controller:9696 [rootcontroller ~]# openstack endpoint create --region RegionOne network internal http://controller:9696 [rootcontroller ~]# openstack endpoint create --region RegionOne network admin http://controller:9696 5安装软件包 [rootcontroller ~]# dnf install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset openstack-neutron-ml2 6配置Neutron [database] connection mysqlpymysql://neutron:NEUTRON_PASScontroller/neutron [DEFAULT] core_plugin ml2 service_plugins router allow_overlapping_ips true transport_url rabbit://openstack:RABBIT_PASScontroller auth_strategy keystone notify_nova_on_port_status_changes true notify_nova_on_port_data_changes true [keystone_authtoken] www_authenticate_uri http://controller:5000 auth_url http://controller:5000 memcached_servers controller:11211 auth_type password project_domain_name Default user_domain_name Default project_name service username neutron password NEUTRON_PASS [nova] auth_url http://controller:5000 auth_type password project_domain_name Default user_domain_name Default region_name RegionOne project_name service username nova password NOVA_PASS [oslo_concurrency] lock_path /var/lib/neutron/tmp 配置ML2ML2具体配置可以根据需求自行修改这里使用的是provider network linuxbridge** 修改/etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers flat,vlan,vxlan tenant_network_types vxlan mechanism_drivers linuxbridge,l2population extension_drivers port_security [ml2_type_flat] flat_networks provider [ml2_type_vxlan] vni_ranges 1:1000 [securitygroup] enable_ipset true 修改/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan true local_ip OVERLAY_INTERFACE_IP_ADDRESS l2_population true [securitygroup] enable_security_group true firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver 配置Layer-3代理修改/etc/neutron/l3_agent.ini [DEFAULT] interface_driver linuxbridge 配置DHCP代理修改/etc/neutron/dhcp_agent.ini [DEFAULT] interface_driver linuxbridge dhcp_driver neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata true 配置metadata代理修改/etc/neutron/metadata_agent.ini [DEFAULT] nova_metadata_host controller metadata_proxy_shared_secret METADATA_SECRET 配置nova服务使用neutron修改/etc/nova/nova.conf [neutron] auth_url http://controller:5000 auth_type password project_domain_name default user_domain_name default region_name RegionOne project_name service username neutron password Ywj035916! service_metadata_proxy true metadata_proxy_shared_secret METADATA_SECRET 创建/etc/neutron/plugin.ini的符号链接 [rootcontroller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini 7同步数据库 [rootcontroller ~]# su -s /bin/sh -c neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head neutron 8重启nova API服务 [rootcontroller ~]# systemctl restart openstack-nova-api 9启动网络连接 [rootcontroller ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service \ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service [rootcontroller ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service \ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service Compute节点 1安装软件包 [rootcompute ~]# dnf install openstack-neutron-linuxbridge ebtables ipset -y 2配置Neutron 修改/etc/neutron/neutron.conf [DEFAULT] transport_url rabbit://openstack:RABBIT_PASScontroller auth_strategy keystone [keystone_authtoken] www_authenticate_uri http://controller:5000 auth_url http://controller:5000 memcached_servers controller:11211 auth_type password project_domain_name Default user_domain_name Default project_name service username neutron password NEUTRON_PASS [oslo_concurrency] lock_path /var/lib/neutron/tmp 修改/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings provider:ens33 [vxlan] enable_vxlan true local_ip 192.168.110.151 l2_population true [securitygroup] enable_security_group true firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver 配置nova compute服务使用neutron修改/etc/nova/nova.conf [neutron] auth_url http://controller:5000 auth_type password project_domain_name default user_domain_name default region_name RegionOne project_name service username neutron password NEUTRON_PASS 3重启nova-compute服务 [rootcompute ~]# systemctl restart openstack-nova-compute.service 4启动Neutron linuxbridge agent服务 [rootcompute ~]# systemctl enable neutron-linuxbridge-agent Created symlink /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service → /usr/lib/systemd/system/neutron-linuxbridge-agent.service. [rootcompute ~]# systemctl start neutron-linuxbridge-agent 2.6 Cinder Cinder 是 OpenStack 项目中的一个核心组件负责块存储Block Storage服务。它是 OpenStack 的存储服务模块允许用户创建和管理持久化的块存储卷volumes这些卷可以附加到虚拟机VMs上作为虚拟机的存储设备 Controller节点 1创建cinder数据库 MariaDB [(none)] CREATE DATABASE cinder; Query OK, 1 row affected (0.003 sec) MariaDB [(none)] GRANT ALL PRIVILEGES ON cinder.* TO cinderlocalhost IDENTIFIED BY CINDER_DBPASS; Query OK, 0 rows affected (0.017 sec) MariaDB [(none)] GRANT ALL PRIVILEGES ON cinder.* TO cinder% IDENTIFIED BY CINDER_DBPASS; Query OK, 0 rows affected (0.001 sec) MariaDB [(none)] exit 2初始化Keystone资源对象 [rootcontroller ~]# source ~/.admin-openrc [rootcontroller ~]# openstack user create --domain default --password-prompt cinder User Password: Repeat User Password: [rootcontroller ~]# openstack role add --project service --user cinder admin [rootcontroller ~]# openstack service create --name cinderv3 --description OpenStack Block Storage volumev3 [rootcontroller ~]# openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%$project_id$s [rootcontroller ~]# openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%$project_id$s [rootcontroller ~]# openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%$project_id$s 3安装软件包 [rootcontroller ~]# dnf install openstack-cinder-api openstack-cinder-scheduler 4修改cinder配置文件/etc/cinder/cinder.conf [DEFAULT] transport_url rabbit://openstack:RABBIT_PASScontroller auth_strategy keystone my_ip 192.168.110.150 [database] connection mysqlpymysql://cinder:CINDER_DBPASScontroller/cinder [keystone_authtoken] www_authenticate_uri http://controller:5000 auth_url http://controller:5000 memcached_servers controller:11211 auth_type password project_domain_name Default user_domain_name Default project_name service username cinder password CINDER_PASS [oslo_concurrency] lock_path /var/lib/cinder/tmp 5数据库同步 [rootcontroller ~]# su -s /bin/sh -c cinder-manage db sync cinder 6修改nova配置/etc/nova/nova.conf [cinder] os_region_name RegionOne 7启动服务 [rootcontroller ~]# systemctl restart openstack-nova-api [rootcontroller ~]# systemctl start openstack-cinder-api openstack-cinder-scheduler Storage节点 Storage节点要提前准备至少一块硬盘作为cinder的存储后端下文默认storage节点已经存在一块未使用的硬盘设备名称为/dev/sdb 1安装软件包 [rootstorage ~]# dnf install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils openstack-cinder-volume openstack-cinder-backup 2配置lvm卷组 [rootstorage ~]# pvcreate /dev/sdb [rootstorage ~]# vgcreate cinder-volumes /dev/sdb 3修改cinder配置/etc/cinder/cinder.conf [DEFAULT] transport_url rabbit://openstack:RABBIT_PASScontroller auth_strategy keystone my_ip 192.168.110.152 enabled_backends lvm glance_api_servers http://controller:9292 [keystone_authtoken] www_authenticate_uri http://controller:5000 auth_url http://controller:5000 memcached_servers controller:11211 auth_type password project_domain_name default user_domain_name default project_name service username cinder password CINDER_PASS [database] connection mysqlpymysql://cinder:CINDER_DBPASScontroller/cinder [lvm] volume_driver cinder.volume.drivers.lvm.LVMVolumeDriver volume_group cinder-volumes target_protocol iscsi target_helper lioadm [oslo_concurrency] lock_path /var/lib/cinder/tmp 4启动服务 [rootcontroller ~]# systemctl restart openstack-nova-api [rootcontroller ~]# systemctl start openstack-cinder-api openstack-cinder-schedulr 5验证 Controller节点 [rootcontroller ~]# source ~/.admin-openrc [rootcontroller ~]# openstack volume service list 创建一个卷来验证配置是否正确 [rootcontroller ~]# openstack volume create --size 1 test-volume [rootcontroller ~]# openstack volume list 2.7 Horizon orizon是OpenStack提供的前端页面可以让用户通过网页鼠标的操作来控制OpenStack集群而不用繁琐的CLI命令行。Horizon一般部署在控制节点。 1安装软件包 [rootcontroller ~]# dnf install openstack-dashboard 2修改配置文件/etc/openstack-dashboard/local_settings OPENSTACK_HOST controller ALLOWED_HOSTS [*, ] OPENSTACK_KEYSTONE_URL http://controller:5000/v3 SESSION_ENGINE django.contrib.sessions.backends.cache CACHES { default: { BACKEND: django.core.cache.backends.memcached.MemcachedCache, LOCATION: controller:11211, } } OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN Default OPENSTACK_KEYSTONE_DEFAULT_ROLE member WEBROOT /dashboard POLICY_FILES_PATH /etc/openstack-dashboard OPENSTACK_API_VERSIONS { identity: 3, image: 2, volume: 3, } 重启服务 [rootcontroller ~]# systemctl restart httpd

查看全文

http://www.hkea.cn/news/14581446/